ALKHOBAR, 28 February 2006 — In the summer of 2001, a computer worm called Code Red II invaded hundreds of thousands of computers, giving hackers unauthorized access to systems and nearly shutting down the White House website. This type of malicious hacker-authored code spreads like smallpox through unprotected computers and networks.
The most recent high-profile case hit the Internet in mid-August 2005. Users who take a chance by not downloading a program patch to keep out the worm or who fail to upgrade their software risk spreading such Internet infections.
“The total worldwide cost of major computer security attacks between 1999 and 2004 was estimated to be about $36.5 billion, so this is a significant problem,” said Tunay Tunca, assistant professor of operations, information and technology and the 2005 Moghadam Family Faculty Fellow at the Stanford Graduate School of Business.
Worms and other kinds of security threats, Tunca explained, can harm home machines and larger computer networks by triggering annoying operational glitches, destroying data or putting personal information in the hands of strangers. Hackers do their damage by writing code that seeks software vulnerabilities in individual computers and then spreads globally through the Internet by finding and attacking machines with similar holes.
In their paper, “Network Software Security and User Incentives,” Tunca and Stanford Business School doctoral student Terrence August developed several mathematical models to figure out how software vendors could coax consumers into applying patches. The best and most practical approach, Tunca found, is simply for the software vendors to spend the resources necessary to make their patches reliable and easier to use.
Seems like that strategy would be obvious even without being bolstered by the findings of a research study!